British budget airline easyJet said on Tuesday hackers had accessed the email and travel details of around 9 million customers, and the credit card details of more than 2,000 of them, in a “highly sophisticated” attack.
“There is no evidence that any personal information of any nature has been misused, however … we are communicating with the approximately 9 million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing,” it said.
The airline, which has grounded most of its flights due to the COVID-19 pandemic and is locked in a long-running battle with its founder and biggest shareholder, said it did not look like any personal information had been misused.
“We take issues of security extremely seriously and continue to invest to further enhance our security environment,” it said in a statement to the stock exchange.
The company said it had engaged leading forensic experts to investigate the issue. It has also notified the Information Commissioner’s Office and the National Cyber Security Centre.
Hackers have stepped up their efforts to target major companies and the data they hold on customers. British Airways was hit in 2018 with the theft of credit card details of hundreds of thousands of its customers, while Cathay Pacific was also hit.